<?php 
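	// Profile-edit handler: on POST, validate the captcha, update the signed-in
	// member's row in `tbl_member`, reload the session copy of the profile, then
	// redirect back to the profile page. On any other method this block does nothing.
	//
	// acl(), getUserIP(), $ss_username, $ss_member_id and $ss_id are not defined
	// in this file. Presumably acl() rejects visitors who are not signed in and
	// the $ss_* values come from the session -- TODO confirm against the bootstrap.
	acl();
	if ($_SERVER["REQUEST_METHOD"] == "POST") {
		// Accept the captcha only as a string and compare it strictly: with a loose
		// comparison, numeric-looking strings can compare equal without being identical.
		$captcha_input = (isset($_REQUEST['captcha']) && is_string($_REQUEST['captcha']))
			? trim(strtolower($_REQUEST['captcha']))
			: '';
		// NOTE(review): the stored captcha is not cleared after a successful check, so
		// one solved value stays valid for the rest of the session. Consider unset()
		// here once the captcha generator is confirmed to reissue on every form render.
		if (empty($_SESSION['captcha']) || $captcha_input !== (string)$_SESSION['captcha']) {
			sleep(3);
			// NOTE(review): this output precedes the header() call below; depending on
			// output buffering, either the redirect or the alert is lost -- confirm intent.
			echo '<script type="text/javascript">alert("invalid captcha");</script>';
		} else {
			// Fixed allow-list of columns the member may edit. Only these names are
			// ever used as variable names or column names below.
			$profile_fields = array(
				'username', 'first_name', 'last_name', 'member_scid', 'gender',
				'birthday', 'company', 'address', 'road', 'soi', 'subdistrict',
				'district', 'province', 'postcode', 'telephone',
			);

			$assignments = array();
			foreach ($profile_fields as $field) {
				// Missing or non-string (array) parameters become an empty string.
				$raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
				// strip_tags() removes markup only. It does not neutralise quotes, so the
				// value is escaped separately before it is placed in the SQL string.
				$$field = strip_tags($raw);
				$assignments[] = "`$field` = '" . mysql_real_escape_string($$field) . "'";
			}
			$ip = getUserIP();

			// NOTE(review): $name_first, $name_last, $birthdate and $fv_product are never
			// assigned in this file (the fields above are $first_name, $last_name and
			// $birthday), so this guard may effectively test $username alone. Left
			// unchanged pending confirmation that they are not defined elsewhere.
			if((!$username)and(!$name_first)and(!$name_last)and(!$birthdate)and(!$fv_product)){
				sleep(3);
				header("location: /profile/$ss_username/");
				exit;
			}

			// Every interpolated value is escaped, including $ip, $ss_id and
			// $ss_member_id: their origin is outside this file, and getUserIP() may read
			// client-supplied headers -- verify. mysql_real_escape_string() is only
			// reliable when the connection charset was set with mysql_set_charset().
			// ext/mysql has no prepared statements; migrating to PDO or mysqli with
			// bound parameters is the durable fix.
			$assignments[] = "`ip` = '" . mysql_real_escape_string($ip) . "'";
			$assignments[] = "`ssid` = '" . mysql_real_escape_string($ss_id) . "'";
			$assignments[] = "`update` = NOW()";
			$member_id_sql = mysql_real_escape_string($ss_member_id);

			$sql = "UPDATE `tbl_member` SET " . implode(', ', $assignments)
				. " WHERE `member_id` = '$member_id_sql' LIMIT 1;";
			if (mysql_query($sql) === false) {
				// Record the failure server-side instead of ignoring it silently.
				error_log('profile: member update failed: ' . mysql_error());
			}

			// Reload the row so the session copy of the profile matches the database.
			$sql = "SELECT * FROM `tbl_member` WHERE `member_id` = '$member_id_sql' LIMIT 1";
			$query = mysql_query($sql);
			if ($query !== false) {
				while ($result = mysql_fetch_assoc($query)) {
					$_SESSION['profile'] = $result;
				}
				mysql_free_result($query);
			} else {
				error_log('profile: member reload failed: ' . mysql_error());
			}
		}

		// The redirect target uses $ss_username as it was before this request, not the
		// value just submitted.
		header("location: /profile/$ss_username/");
		exit;

	}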
	// Province selector data: the query is a fixed string with no request input.
	// _u() and sqlOptions() are defined elsewhere; presumably sqlOptions() renders
	// label/value rows as options with $ss_province preselected -- TODO confirm.
	$provinceOptions = _u(
		sqlOptions(
			'SELECT `TH` AS `label` , `province_id` AS `value` FROM `province` WHERE 1 ORDER BY `province_id` ASC; ',
			$ss_province
		),
		'province'
	);
	
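	// Orders with status '0', rendered into the template block named 'padding'
	// (presumably "pending"). For each order, the line items are rendered through
	// views/profile/order.html and the resulting HTML is handed to the outer block.
	//
	// $p_*, $order_id and $historyHTML are assigned as plain variables and never
	// passed to the template objects; presumably Template reads them from global
	// scope -- confirm, and confirm it HTML-escapes them, since title, color and
	// size come straight from the database.
	// $ss_member_id is defined outside this file and $order_id comes from the
	// previous query; both are interpolated unescaped -- verify they are integers.
	$sqls = "SELECT `order_id` FROM `tbl_buy_order`  WHERE  `member_id` = '$ss_member_id' AND  `status` = '0'  ORDER BY `date` ASC";
	$querys = mysql_query($sqls);
	if ($querys === false) {
		// Log the cause server-side; the SQL text is no longer sent to the client.
		error_log('profile: order list query (status 0) failed: ' . mysql_error());
		die('Database error');
	}
	$tp->Block('padding');
	while($results = mysql_fetch_assoc($querys)){
		$order_id = $results['order_id'];

		$tp_sub = new Template("views/profile/order.html");
		// The member_id condition keeps the line items scoped to the same member
		// as the order list above.
		$sql = "SELECT `h`.*,`p`.`title` , `p`.`price` ,`c`.`title` AS `color` , `s`.`title` AS `size`
		FROM `tbl_buy_history`	AS `h` 
		LEFT JOIN `tbl_product` AS `p` ON `h`.`product_id`	= `p`.`product_id`
		LEFT JOIN `tbl_color`	AS `c` ON `h`.`color_id`	= `c`.`color_id`
		LEFT JOIN `tbl_size`	AS `s` ON `h`.`size_id`		= `s`.`size_id`
		WHERE `h`.`order_id` = '$order_id' AND `h`.`member_id` = '$ss_member_id' AND `p`.`status` = '1' ORDER BY `date` ASC";
		$query = mysql_query($sql);
		if ($query === false) {
			error_log('profile: order item query (status 0) failed: ' . mysql_error());
			die('Database error');
		}

		$tp_sub->Block('list');
		while($result = mysql_fetch_assoc($query)){
			$p_title	= $result['title'];
			$p_price	= number_format($result['price'],2);
			$p_color	= $result['color'];
			$p_size		= $result['size'];
			$p_count	= (int)$result['count'];
			$p_date		= $result['date'];
			// $n is not initialised in this file and is never reset between orders.
			$n++;
			$tp_sub->Apply();
		}
		mysql_free_result($query);
		$historyHTML = $tp_sub->generate();
		$tp->Apply();
	}
	mysql_free_result($querys);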

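	// Orders with status '1', rendered into the template block named 'dilivery'
	// (presumably "delivery"); this section also reads the order's `ems_id`.
	// For each order, the line items are rendered through views/profile/order.html
	// and the resulting HTML is handed to the outer block.
	//
	// $p_*, $order_id, $ems_id and $historyHTML are assigned as plain variables and
	// never passed to the template objects; presumably Template reads them from
	// global scope -- confirm, and confirm it HTML-escapes them, since title, color
	// and size come straight from the database.
	// $ss_member_id is defined outside this file and $order_id comes from the
	// previous query; both are interpolated unescaped -- verify they are integers.
	$sqls = "SELECT `order_id` , `ems_id` FROM `tbl_buy_order`  WHERE  `member_id` = '$ss_member_id' AND  `status` = '1'  ORDER BY `date` ASC";
	$querys = mysql_query($sqls);
	if ($querys === false) {
		// Log the cause server-side; the SQL text is no longer sent to the client.
		error_log('profile: order list query (status 1) failed: ' . mysql_error());
		die('Database error');
	}
	$tp->Block('dilivery');
	while($results = mysql_fetch_assoc($querys)){
		$order_id = $results['order_id'];
		$ems_id = $results['ems_id'];

		$tp_sub = new Template("views/profile/order.html");
		// The member_id condition keeps the line items scoped to the same member
		// as the order list above.
		$sql = "SELECT `h`.*,`p`.`title` , `p`.`price` ,`c`.`title` AS `color` , `s`.`title` AS `size`
		FROM `tbl_buy_history`	AS `h` 
		LEFT JOIN `tbl_product` AS `p` ON `h`.`product_id`	= `p`.`product_id`
		LEFT JOIN `tbl_color`	AS `c` ON `h`.`color_id`	= `c`.`color_id`
		LEFT JOIN `tbl_size`	AS `s` ON `h`.`size_id`		= `s`.`size_id`
		WHERE `h`.`order_id` = '$order_id' AND `h`.`member_id` = '$ss_member_id' AND `p`.`status` = '1' ORDER BY `date` ASC";
		$query = mysql_query($sql);
		if ($query === false) {
			error_log('profile: order item query (status 1) failed: ' . mysql_error());
			die('Database error');
		}

		$tp_sub->Block('list');
		while($result = mysql_fetch_assoc($query)){
			$p_title	= $result['title'];
			$p_price	= number_format($result['price'],2);
			$p_color	= $result['color'];
			$p_size		= $result['size'];
			$p_count	= (int)$result['count'];
			$p_date		= $result['date'];
			// $n is not initialised in this file and is never reset between orders.
			$n++;
			$tp_sub->Apply();
		}
		mysql_free_result($query);
		$historyHTML = $tp_sub->generate();
		$tp->Apply();
	}
	mysql_free_result($querys);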

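	// Orders with status '3', rendered into the template block named 'complete'.
	// For each order, the line items are rendered through views/profile/order.html
	// and the resulting HTML is handed to the outer block.
	//
	// $p_*, $order_id and $historyHTML are assigned as plain variables and never
	// passed to the template objects; presumably Template reads them from global
	// scope -- confirm, and confirm it HTML-escapes them, since title, color and
	// size come straight from the database.
	// $ss_member_id is defined outside this file and $order_id comes from the
	// previous query; both are interpolated unescaped -- verify they are integers.
	$sqls = "SELECT `order_id` FROM `tbl_buy_order`  WHERE  `member_id` = '$ss_member_id' AND  `status` = '3'  ORDER BY `date` ASC";
	$querys = mysql_query($sqls);
	if ($querys === false) {
		// Log the cause server-side; the SQL text is no longer sent to the client.
		error_log('profile: order list query (status 3) failed: ' . mysql_error());
		die('Database error');
	}
	$tp->Block('complete');
	while($results = mysql_fetch_assoc($querys)){
		$order_id = $results['order_id'];

		$tp_sub = new Template("views/profile/order.html");
		// The member_id condition keeps the line items scoped to the same member
		// as the order list above.
		$sql = "SELECT `h`.*,`p`.`title` , `p`.`price` ,`c`.`title` AS `color` , `s`.`title` AS `size`
		FROM `tbl_buy_history`	AS `h` 
		LEFT JOIN `tbl_product` AS `p` ON `h`.`product_id`	= `p`.`product_id`
		LEFT JOIN `tbl_color`	AS `c` ON `h`.`color_id`	= `c`.`color_id`
		LEFT JOIN `tbl_size`	AS `s` ON `h`.`size_id`		= `s`.`size_id`
		WHERE `h`.`order_id` = '$order_id' AND `h`.`member_id` = '$ss_member_id' AND `p`.`status` = '1' ORDER BY `date` ASC";
		$query = mysql_query($sql);
		if ($query === false) {
			error_log('profile: order item query (status 3) failed: ' . mysql_error());
			die('Database error');
		}

		$tp_sub->Block('list');
		while($result = mysql_fetch_assoc($query)){
			$p_title	= $result['title'];
			$p_price	= number_format($result['price'],2);
			$p_color	= $result['color'];
			$p_size		= $result['size'];
			$p_count	= (int)$result['count'];
			$p_date		= $result['date'];
			// $n is not initialised in this file and is never reset between orders.
			$n++;
			$tp_sub->Apply();
		}
		mysql_free_result($query);
		$historyHTML = $tp_sub->generate();
		$tp->Apply();
	}
	mysql_free_result($querys);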
?>